Comment by soco
1 day ago
"Let’s say I downloaded the app, proved that I am over 18, then my nephew can take my phone, unlock my app and use it to prove he is over 18." - and how is that something that could, or should, be addressed by the app? Are we even serious??
Well, of course, because the whole reason you're making free men and women verify their identity with government-issued documents... was supposed to be to prevent that. If it's not going to prevent such an easy work-around IT'S NOT WORTH IT (not that it was in the first place)
The phone also needs to be rooted for any of the attacks to work.
At least that's what the manufacturer's AI generated article says: https://eidas-pro.com/blog/eu-age-verification-app-hack-expl...
Because people share phones with their kids. It's not rare or even mildly unusual. The problem isn't that the app needs to solve this. The problem is the app is useless, along with this whole bizarre "need for age verification" plot that poofed out of existence simultaneously around the whole globe mysteriously a few months ago.
Well, reality called and says: Like ID, driver's license, credit cards and guns: Phones are something you don't just "share" with your kids. Also there is an option to guard the ID App with an additional PIN/Biometric.
That's not reality for many of us. I don't consider my phone a secure device by any means. It has nothing on it that I'd regard as something I'd need to guard against my family.
I know a fair number of especially elderly people who want to disable PIN and biometrics on their phone, because they view it as a pain to deal with.
PINs can also be guessed or someone might look over your shoulder and steal it that way. Many phones still don't have biometrics, or people don't want to use it.
Our realities might be different, but in my reality a cell phone, which you almost by definition bring with you out in the world, should never be considered a secure device.
A phone isn't going to run off the road and kill 7 people. This is nonsense and you know it.
And yes, phones are something parents do "just" share with their kids because nobody is bizarre enough to look at a phone the same way as a gun or a car. It's the YouTube device that can talk to grandma. All you have to do to see proof that it's something people "just" share is to walk into a grocery store and look at parents pushing kids in carts while those kids watch videos. 25 years ago those phones were Game Boys. Nobody is seeing them as a gun. That's the most disconnected from reality take I've seen in my life.
In theory, maybe yes. But in practice people do share their phones with their kids.
That's why a lot of apps have a secondary login (PIN code, biometrics).
My kid can take my phone and not be able to transfer any money from my bank account, because it's protected by PIN and biometrics.
That's a solved problem and making an immense vulnerability out of it is silly.
Exactly. "Age verification" is the "think of the children" marketing campaign for "identity verification". Governments don't like anonymity; it makes it harder to find those they consider enemies. But it's hard to market something people don't want and get no benefit from. So, you dress it up in fear and make it easy to vilify people who argue against it.
Stop with the scaremongering.
This is a reference app implementation that uses a detailed framework which explicitly has as a core tenet double blindness. The place you prove your age to has no idea about anything other than you being of age, and the thing you use to prove your age has no idea about where you're using that proof.
The Solution: constant face tracking /s