Comment by userbinator
10 days ago
"Device security checks" is the most horrifying aspect as it basically means "officially sanctioned hardware and software", and leads straight into the dystopia that Stallman warned us about in Right to Read.
There is some amusing irony in the EU relying on the US for furthering its own authoritarianism. It's unfortunate that freedom (in the classic rebellious, American sense) never became that popular in the EU, or for that matter, the UK.
> leads straight into the dystopia that Stallman warned us about
IMHO, the push for age verification is just a stepping stone towards requiring a mandatory ID for all social media posts made from EU. Given the current trends against freedom of speech, it's not unreasonable to think that by the end of the decade any site, including HN, might need to link usernames with their respective eIDs in case posts come from EU IP addresses.
> officially sanctioned hardware and software
Right now, if you want to run an alternative OS, it's already an uphill battle to use tons of member state services, as well as to do banking. Even if you have microG available, the situation is terrible. I imagine it's going to become harder. I cannot understand why the European Commission wants to reduce our reliance on FAANG services, and at the same time they make Google Play a de facto standard, reinforcing the mobile duopoly. In this context, free alternative mobile platforms, such as Sailfish, cannot flourish.
> I cannot understand why the European Commission wants to reduce our reliance on FAANG services, and at the same time they make Google Play a de facto standard
It seems to be different branches of the EU? This has been a recurring problem in EU tech legislation - the EU government bodies are sufficiently autonomous that the right hand seldom knows what the left is doing...
To quote Yes, Minister:
> Hacker: One of your officials pays farmers to produce surplus food, while on the same floor, the next office is paying them to destroy the surpluses.
> Maurice: That is not true!
> Hacker: No?
> Maurice: He is not in the next office, not even on the same floor!
They aren't autonomous at all though. All EU law comes from the Commission, which is a singular body run by a single appointed president, with everyone reporting directly to her. The Commission answers to nobody and the Parliament can't tell it what to do, just rubberstamp what it produces.
This is the best case scenario for coherency in law making. It's designed to be as undemocratic as possible, so there's no need to make compromises or engage in pork barrel politics to get stuff over the line. The incoherency of the EU's approach is just a consequence of the incoherent thinking coming from the top. The EU always has extremely powerful but very low competency presidents, always for some reason those who were failures at national politics.
5 replies →
"right hand" pretty nicely fits. The EU/EVP is much more conservative/right wing then many of its citizens are prepared to accept. Its a pretty nice propaganda-machinery that made this possible. Ask a random EU citizen if they are aware that conservatives are leading the EU since 30 years... You'll be surprised.
2 replies →
> I cannot understand why the European Commission wants to reduce our reliance on FAANG services, and at the same time they make Google Play a de facto standard, reinforcing the mobile duopoly.
It's called bad faith, and it's an all too common problem with politicians and business types alike.
The problem is massive corruption and institutions deemed to fight it are corrupt themselves.
Von der Leyen and the rest of the Commission aren't politicians nor business types. They don't run for election, they're all appointees. And most of them have never run a business either.
7 replies →
In this case it seems more like incompetence mixed with classic Euro bureacracy. The suits don't know better and consumers are braindead so won't even notice
> "it's not unreasonable to think that by the end of the decade any site, including HN, might need to link usernames with their respective eIDs in case posts come from EU IP addresses."
A rule of thumb that works too often is "how is mainland China doing things?"[0], and assume the West will follow behind shortly.
[0] https://www.washingtonpost.com/world/2025/07/15/china-digita... ("Big Brother gets new powers in China with digital ID system")
(tl;dr: Mandatory digital ID, with central government attesting and holding personal data in escrow. The "privacy-preserving", "least-bad option" a sizeable portion of even HN itself advocates for).
> "This means that companies, like social media site Weibo or online shopping behemoth Alibaba, will no longer be able to see the personal information of their users with digital IDs — but Chinese authorities will be able to see the real identity behind online accounts across a range of sites."
Oh well at least the Chinese aren't Christians.
1 reply →
Is it worse than requiring a phone number?
It's already close to impossible. Banking apps and government apps are close to mandatory to function in today's society, yet they plain do not work on Lineage, even with microg, or they work but need ridiculous workarounds. Never mind other "soft mandatory" things like messaging apps or whatever.
I'm dedicated and I have a literal PhD in computer science, yet I'm fucking exhausted fighting this battle all the time. 0.1% chance someone has the capability to, and willingly goes through all this bother.
Then tfa is just a nail in the coffin.
Can't you have two phones: a Lineage phone for personal stuff and a Big Brother phone for banking and government and everything else uninstalled or disabled?
VPN ban is coming next.
VPN ban coming now in the UK
https://news.ycombinator.com/item?id=44722216
> In this context, free alternative mobile platforms, such as Sailfish, cannot flourish.
If you are a system that depends on people being constantly under the yoke of your jurisdictional powers, you do not want a strong, free, ecosystem. You want as little diversity as possible, ideally two so there is an illusion of choice.
> I cannot understand why the European Commission wants to reduce our reliance on FAANG services, and at the same time they make Google Play a de facto standard
You'll be surprised, most of the time it's simple ignorance: the people making decisions don't know everything about everything. Hence democracy comes to rescue.
But the way the European Commission takes decisions is anti-democratic (secret draft documents, undisclosed lobbying, overlooking the role of the Parliament…)
>any site, including HN, might need to link usernames with their respective eIDs
I think, keybase already does it, and there are users here with signed proofs of identity.
I would honestly love that. No more paid trolls on social media, the democratic process has a chance to adapt to technology, we can avoid the fate of the US.
Companies are neither minors or adults. Account management for paid shills will be handled between customer support backend infra and social media API servers, not subject to any particular rules.
1 reply →
... and all the social media posts having been pre-approved by Minitrue. What a glorious world we shall live in.
This is no longer just rhetoric. Meanwhile, the EU’s polite, tea-drinking cousin, the UK has quietly deployed a “social media surveillance unit.” Not to fight trolls or bots, of course - but to ensure His Majesty’s Subjects think correctly in public. Doubleplusgood, wouldn’t you say? [1]
[1] https://www.independent.co.uk/news/uk/home-news/police-socia...
15 replies →
People would just buy a ton of hacked accounts just like today.
1 reply →
> No more paid trolls on social media
If you didn't come up with a way to have paid trolls in such a system doesn't mean that there won't be any.
3 replies →
Only until the next Reichstag fire, I suspect, because by then there won't be any more democracy.
62 replies →
People like you are the death of freedom.
21 replies →
Good luck convincing America to go along with this, especially in the current political climate.
The EU doesn't have power beyond their jurisdiction, as much as they may pretend otherwise. Facebook and Google go along with what the EU wants because they make money there, and have physical properties located on the continent. YC does not.
EU doesn't need to convice anyone. They can just make it mandatory and block anyone that doesn't comply.
"a mandatory ID for all social media posts made from EU. Given the current trends against freedom of speech"
what?? how is this againt freedom of speech???, south korea implement this ages ago and there is nothing like that
https://en.wikipedia.org/wiki/Internet_censorship_in_South_K...
I wouldn't consider South Korea as having any meaningful freedom of speech; in fact they seem closer to China than the EU.
SK had this, and it appeared to have turned their entire WWW into 4chan with cult radicalisms. Their state of online speeches and its real world negative consequences are crazy. People on permanent records in real name never backs down because they more tangibly feel their mistakes as threats, and if you think about it, people who never backs down even if they are in wrong are effectively cultists. It's clear what these types of totalitarianism do and where this path ends. It's crazy EU don't get that.
2 replies →
There's not a trend against freedom of speech so much as existing laws outlawing certain categories of speech being applied to the internet. If you lie in a commercial context, that's fraud; if you lie in court, that's perjury; if you tell your buddies to go do crimes together, that's conspiracy to commit; if you tell someone to give you money or else, that's blackmail...
If you come from the perspective that there used to be freedom of speech and now there's all those pesky laws restricting what you can say, it looks like a slippery slope. If you realize that people have been required to check ID when selling material unsuitable for minors in physical stores since before the internet existed, it seems a bit more unlikely that ID requirements will expand to cover everything else.
The trouble with these analogies is that they ignore the nature of the internet.
If there is a law in one jurisdiction that says you have to be 21 to buy some product and a different jurisdiction sets it to 18, or has no age restriction at all, and someone who is underage in the first jurisdiction goes to the second jurisdiction to buy that thing, what happens? The seller sells it to them. This has always been a completely normal thing for people to do in border towns, or when people e.g. visit Amsterdam because of less restrictive drug laws.
The internet allows anyone to visit the site of a supplier located outside of their jurisdiction. That's completely normal an expected too. It also makes things like age verification laws for digital content pretty much entirely worthless, because most of the suppliers weren't in your jurisdiction to begin with and the ones outside of it are... outside of your jurisdiction.
Governments now want to pretend that it matters where the user is rather than where the site is, but that's a joke because there is no way for the site to even know that. If you try to require it then they'll either ignore you because they're actually entirely outside of your jurisdiction and you can't impose penalties on them for not complying, or treat IP addresses in your jurisdiction differently (possibly by banning them entirely) and then people there will just use a VPN.
Neither of these cause the law to be effective and ineffective laws are inefficient and embarrassing.
2 replies →
> If you realize that people have been required to check ID when selling material unsuitable for minors in physical stores
Not a great example.
No physical store would bother to check the ID of anyone clearly not {too young or borderline}.
Digital ID requirements are such that age verification of some form is required for every single connection .. and to assume that a connection from {X} might well require another ID check an hour later as it might well be a different person at the same computer or another device altogether.
That's an expansion from {only check young looking people} to {check and possibly retain records for _everyone_}.
6 replies →
There is no "freedom of speech" in the US sense in the EU/UK. That's often a cause for misunderstanding between the two sides of the Pond.
There are many things that you are not allowed to write or say by law in EU countries simply because the legislator has decided that they are wrong opinions, and it is generally accepted that the State can and should implement such controls.
Note that lying is not a crime in general. Your examples are for very specific contexts.
30 replies →
If there's an argument here, it's a mess. You first talk about speech. Commerce is barely speech--it's actually using the public market--and there is a legitimate opinion that applying civil rights to companies is already a corrupt abuse of our society. Perjury is strictly limited to one context existing since the dawn of time (courts), it is also very proceduralized what they can ask you, and even then there's a carveout for not incriminating yourself. Conspiracy and blackmail are only secondarily about speech. There's a criminal intent that you either made clear yourself or they have to prove.
The internet is like media (press) or communication by letters. Both extremely established in terms of guaranteeing freedom of speech and in the latter case, also secrecy. And the ID identification (that you then make your argument about) is only loosely related to free speech strictly. It's about being constantly searched and surveilled with a presumption of crime.
When Microsoft proposed such a scheme in the early 2000s under the name "Palladium", even the mainstream press decried it as a nightmare scenario. Google did pretty much the same thing in 2014 with Safetynet and there was barely a whimper. How did we lose our way?
Back with palladium the people that used computers were still mostly knowledgeable like us. These days everyone carries a phone and nobody really understands the impact. In fact many people in the EU are even against the opening of iOS because they feel comfortable in apple's walled garden. Many people consider privacy a lost battle (I often get the argument "why are you railing against this, you have no privacy anymore anyway"). And that's from intelligent people usually.
People often say things like this, but it's not supported by polling (or my own extensive anecdotal evidence) whatsoever. [1] For instance 81% believe the risks outweigh the benefits of corporate data collection, and 66% believe the same of government data collection.
64% would be uncomfortable with companies sharing their personal data with outside groups doing research that "might help them improve society", which is great because it shows people understand that such phrases aren't just about sitting around and singing kumbaya.
[1] - https://www.pewresearch.org/internet/2019/11/15/americans-an...
3 replies →
> In fact many people in the EU are even against the opening of iOS
True, but I am not sure it is even that many people.
This whole narrative is strongly driven by Apple themselves, one of their strategies against regulations like the EU Digital Markets Act is to rally its userbase against the EU.
How did we lose our way?
They figured out that much of the population is easily manipulated and controlled by exploiting their desire for "safety and security" --- in stark contrast to that classic Franklin quote (yes, I know the context isn't the same, but the words are otherwise a perfect fit for the situation.) It's only a minority of the population; and I'd suspect a smaller minority in the EU than the US; which is willing to argue against it.
Next time you find yourself arguing for something or doing things a certain way, throw in an "it's better for security" or similar phrase with a plausible-sounding argument why, and see how easily it shuts down the opposition. In my experience, many won't even question it.
On a PC people are used to tinker around, the whole ecosystem is built around that assumption.
The smartphone was a closed ecosystem from the start, tinkering around was an uphill battle fought with custom ROMs that only few users dared to try (if the bootloader wasn't locked down to begin with). Adding more restrictions didn't have much impact on most users.
Palladium was just one issue. Now it's one of dozens.
Even activists can get exhausted
Politics and money.
fatigue.
same idea has been pushed since forever(you can include ACTA and other copyright protectionist movements like that as its originators too) over and over again.
People need to protest all the time and win, legislators can just keep pushing it over and over again.
What's even worse you get really smart people seeing noting wrong with this.. Meanwhile this reeks of same methods that were used in my country under communist regime.
>or for that matter, the UK.
Hate to say it mate, UK is already one of the worst offenders.
In their own "internet bubble," with curated Google searches that only present a very "Commonwealth countries bias" in search results. After I worked in the UK for a couple of years, I noticed there is a strong bias toward the same sites (Government and UK companies, especially biased toward "facts"). Second, you leave the UK. You will never get it. Try a VPN outside of the UK and search for the same stuff, you will notice it right away.
The UK have used the "think about the children" excuse for different stuff they don't like (Remember the Porn pass Idea? Where you had to go down to your local Tesco to get a "wanker pass" from the cashier.)
Same thing, now just for EU, and they use the "protect the children" excuse, but they have now started to aim at video game companies and others to "verify" age for the sake of "protecting the children". It is horrifying that they want to ID children in the excuse of their "safety". In a couple of years, they will likely offer free in-game currency to trick users into giving away their personal information.
> There is some amusing irony in the EU relying on the US for furthering its own authoritarianism.
I think you're trying too hard to post cynical remarks as if the were this major gotcha. Even though the bill is quite awful, Occam's razor is quick to point out this has all the hallmarks of an overzealous technocrat than authoritarianism. Try to think about it for a second:
- the goal of the legislation is to ensure adult content is not provided or actively pushed to children,
- adult content is pushed primarily by tech platforms,
- the strategy is to allow access to adult content only to users who prove they are adults,
- the strategy followed is to push an age verification system.
- technocrats know age verification systems can be circumvented if tampered with.
- technocrats proceed to add provisions that mitigate the risk of tampering age verification systems.
The detail you're glancing over is US's hegemony over social media and tech platforms. The world is dominated by three platforms: Microsoft's, Apple's, Google's. Even Samsung is not European. How do you expect to push a technical solution for an authorization platform without leveraging the systems that people use?
Also, the way the current US administration is pushing their blend of fascism onto the world is something I do not find funny. If anything, this would mean the American fascists are succeeding.
> How do you expect to push a technical solution for an authorization platform without leveraging the systems that people use?
Imagine a world in which there are ten thousand phone platforms, some of them are developed by communities rather than business entities, and anyone can easily create a new one. Can your system function in that world? If so, then do it that way. If not, then assume it shouldn't work and stop trying to build it.
> Imagine a world in which there are ten thousand phone platforms, some of them are developed by communities rather than business entities, and anyone can easily create a new one.
You'd be imagining a world that's very different from reality. Lawmakers have to operate in reality, though.
2 replies →
> the goal of the legislation is to ensure adult content is not provided or actively pushed to children,
Yeah, you can stop here. https://en.wikipedia.org/wiki/Think_of_the_children
It's completely unnecessary,there are plenty of parental control options and software for parents to install.
What will happen in reality is that videos and information is labelled adult content when in reality it isn't, e.g. videos of democratic protests. How do I know that? Because that's what's already happening.
> How do you expect to push a technical solution for an authorization platform without leveraging the systems that people use?
Hardware attestation is an Open standard in the Android world, and it doesn't require Google buttplug in the phone to function.
Details here: https://grapheneos.org/articles/attestation-compatibility-gu...
(I'm not discussing with your other points because at this point they're null and void)
> an overzealous technocrat than authoritarianism
Maybe an easy to manipulate technocrat with an authoritarian figure guiding them from behind.
> the goal of the legislation is to ensure adult content is not provided or actively pushed to children
It always starts with the children or terrorists. It's an easy way to sneak the idea in your head. You wouldn't want children to be harmed or terrorists to win, would you? Once you got used to the though, everything else follows.
Name something you want or like I can lazily turn it into a "think of the children" situation.
My phone is rooted and passes "Device security checks", even though it's not supposed to.
I don't know how it works technically, but clearly there's a way to fake it.
AFAIK there are still cracks available, although it's been getting more difficult over time.
This is another one of the reasons why I'm opposed to the current trend of "memory safety" that the megacorps are so enthusiastic about. When insecurity is freedom, and security means securing against the user's control, attacking insecurity will only close off paths to freedom.
> This is another one of the reasons why I'm opposed to the current trend of "memory safety"
So the argument is that those buffer overflows in iMessage used to target people (i.e. https://googleprojectzero.blogspot.com/2021/12/a-deep-dive-i... used to target a Saudi activist) are actually good because a hacker might jailbreak a phone with it?
It's good if all my software on linux crashes with segfaults because it might let someone unlock a locked down linux device one day?
I don't feel particularly free if my device is pwned with ransomware
1 reply →
There are two levels, one can be faked, one can not.
The strong integrity can be faked if you have the keys from a trusted phone that has a security flaw that allows key extraction. I think google bans these from time to time.
1 reply →
It's no irony.
Well payed "transatlantic" lobbyists across all political parties of the EU at work.
They are self-serving and learnt to give a big F* about the citizens of the EU.
You can't have privacy-friendy age verification that is also compatible with tinkering.
The problem is relay services that supply positive age verification results to any interested user for a fee. With a non-privacy-preserving solution, those aren't a problem, law enforcement can just track whose credentials those services are using and shut them down.
I'm not a fan of the whole idea in general, but if we have to choose, I choose privacy over hackability.
But you can, and GrapheneOS shows exactly why. And there are developers who instead of choosing fake and flaved* Google "attestation", choose to conduct hardware attestation.
*Google claims phones not updated for the last 8 years are secure merely because they have privileged Google services. Tell you what: many of them are rooted, with Google play services blind to it, and still claiming phones are "verified".
GrapheneOS has a privileged position in the Android ecosystem due to their connections to Google, so they can pass the STRONG version of attestation.
If you're not passing STRONG attestation it's exceptionally difficult to protect against AI video injection attacks.
It's already happening for several apps such as banking apps, payment apps, government ID apps, etc.
Or, for that matter, the US. https://www.congress.gov/bill/118th-congress/house-bill/7891...
And people used to be ridiculed by claiming the EU is basically a Soviet Union with better looking face.
But slowly slowly it will turn into mass terror and deaths. The control freaks in power are taking our freedoms away inch by inch.